def test_interactive_deposit_bad_issuer(
client, acc1_usd_withdrawal_transaction_factory):
withdraw = acc1_usd_withdrawal_transaction_factory()
payload = interactive_jwt_payload(withdraw, "withdraw")
payload["iss"] = "bad iss"
encoded_token = jwt.encode(payload,
settings.SERVER_JWT_KEY,
algorithm="HS256")
token = encoded_token.decode("ascii")
response = client.get(f"{WEBAPP_PATH}?token={token}")
assert "Invalid token issuer" in str(response.content)
assert response.status_code == 403
def test_interactive_deposit_bad_issuer(client,
acc1_usd_deposit_transaction_factory):
deposit = acc1_usd_deposit_transaction_factory()
payload = interactive_jwt_payload(deposit, "deposit")
payload["iss"] = "bad iss"
encoded_token = jwt.encode(payload,
settings.SERVER_JWT_KEY,
algorithm="HS256")
token = encoded_token.decode("ascii")
response = client.get(f"/transactions/deposit/webapp?token={token}")
assert "Invalid token issuer" in str(response.content)
assert response.status_code == 403
def test_interactive_deposit_no_transaction(
client, acc1_usd_deposit_transaction_factory
):
deposit = acc1_usd_deposit_transaction_factory()
payload = interactive_jwt_payload(deposit, "deposit")
deposit.delete() # remove from database
token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode(
"ascii"
)
response = client.get(f"{WEBAPP_PATH}?token={token}")
assert "Transaction for account not found" in str(response.content)
assert response.status_code == 403
def test_interactive_withdraw_pending_anchor(mock_after_form_validation,
client):
usd = Asset.objects.create(
code="USD",
issuer=Keypair.random().public_key,
sep24_enabled=True,
withdrawal_enabled=True,
distribution_seed=Keypair.random().secret,
)
withdraw = Transaction.objects.create(asset=usd,
kind=Transaction.KIND.withdrawal,
protocol=Transaction.PROTOCOL.sep24)
payload = interactive_jwt_payload(withdraw, "withdraw")
token = jwt.encode(payload, settings.SERVER_JWT_KEY,
algorithm="HS256").decode("ascii")
response = client.get(f"{WEBAPP_PATH}"
f"?token={token}"
f"&transaction_id={withdraw.id}"
f"&asset_code={withdraw.asset.code}")
assert response.status_code == 200
assert client.session["authenticated"] is True
response = client.get(f"{WEBAPP_PATH}"
f"?token={token}"
f"&transaction_id={withdraw.id}"
f"&asset_code={withdraw.asset.code}")
assert response.status_code == 403
assert "Unexpected one-time auth token" in str(response.content)
def mark_as_pending_anchor(_, transaction):
transaction.status = Transaction.STATUS.pending_anchor
transaction.save()
mock_after_form_validation.side_effect = mark_as_pending_anchor
response = client.post(
f"{WEBAPP_PATH}/submit"
f"?transaction_id={withdraw.id}"
f"&asset_code={withdraw.asset.code}",
{"amount": 200.0},
)
assert response.status_code == 302
assert client.session["authenticated"] is False
withdraw.refresh_from_db()
assert withdraw.status == Transaction.STATUS.pending_anchor
def test_interactive_withdraw_bad_issuer(client):
usd = Asset.objects.create(
code="USD",
issuer=Keypair.random().public_key,
sep24_enabled=True,
withdrawal_enabled=True,
distribution_seed=Keypair.random().secret,
)
withdraw = Transaction.objects.create(asset=usd)
payload = interactive_jwt_payload(withdraw, "withdraw")
payload["iss"] = "bad iss"
token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode()
response = client.get(f"{WEBAPP_PATH}?token={token}")
assert "Invalid token issuer" in str(response.content)
assert response.status_code == 403
def test_interactive_withdraw_success(client):
usd = Asset.objects.create(
code="USD",
issuer=Keypair.random().public_key,
sep24_enabled=True,
withdrawal_enabled=True,
distribution_seed=Keypair.random().secret,
)
withdraw = Transaction.objects.create(
asset=usd, kind=Transaction.KIND.withdrawal, protocol=Transaction.PROTOCOL.sep24
)
payload = interactive_jwt_payload(withdraw, "withdraw")
token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode(
"ascii"
)
response = client.get(
f"{WEBAPP_PATH}"
f"?token={token}"
f"&transaction_id={withdraw.id}"
f"&asset_code={withdraw.asset.code}"
)
assert response.status_code == 200
assert client.session["authenticated"] is True
response = client.get(
f"{WEBAPP_PATH}"
f"?token={token}"
f"&transaction_id={withdraw.id}"
f"&asset_code={withdraw.asset.code}"
)
assert response.status_code == 403
assert "Unexpected one-time auth token" in str(response.content)
response = client.post(
f"{WEBAPP_PATH}/submit"
f"?transaction_id={withdraw.id}"
f"&asset_code={withdraw.asset.code}",
{"amount": 200.0},
)
assert response.status_code == 302
assert client.session["authenticated"] is False
def test_interactive_withdraw_no_transaction(client):
usd = Asset.objects.create(
code="USD",
issuer=Keypair.random().public_key,
sep24_enabled=True,
withdrawal_enabled=True,
distribution_seed=Keypair.random().secret,
)
withdraw = Transaction.objects.create(asset=usd, kind=Transaction.KIND.withdrawal)
payload = interactive_jwt_payload(withdraw, "withdraw")
withdraw.delete() # remove from database
token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode(
"ascii"
)
response = client.get(f"{WEBAPP_PATH}?token={token}")
assert "Transaction for account not found" in str(response.content)
assert response.status_code == 403
def test_withdraw_interactive_complete(mock_interactive_url, client):
usd = Asset.objects.create(
code="USD",
issuer=Keypair.random().public_key,
sep24_enabled=True,
withdrawal_enabled=True,
distribution_seed=Keypair.random().secret,
)
withdraw = Transaction.objects.create(
asset=usd,
status=Transaction.STATUS.incomplete,
kind=Transaction.KIND.withdrawal,
)
payload = interactive_jwt_payload(withdraw, "withdraw")
token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode(
"ascii"
)
mock_interactive_url.return_value = "https://test.com/customFlow"
response = client.get(
f"{WEBAPP_PATH}"
f"?token={token}"
f"&transaction_id={withdraw.id}"
f"&asset_code={withdraw.asset.code}"
)
assert response.status_code == 302
mock_interactive_url.assert_called_once()
assert client.session["authenticated"] is True
response = client.get(
WITHDRAW_PATH + "/complete",
{"transaction_id": withdraw.id, "callback": "test.com/callback"},
)
assert response.status_code == 302
redirect_to_url = response.get("Location")
assert "more_info" in redirect_to_url
assert "callback=test.com%2Fcallback" in redirect_to_url
withdraw.refresh_from_db()
assert withdraw.status == Transaction.STATUS.pending_user_transfer_start
def test_interactive_withdraw_post_no_content_tx_incomplete(
mock_content_for_template, mock_form_for_transaction, client
):
usd = Asset.objects.create(
code="USD",
issuer=Keypair.random().public_key,
sep24_enabled=True,
withdrawal_enabled=True,
distribution_seed=Keypair.random().secret,
)
withdraw = Transaction.objects.create(
asset=usd,
kind=Transaction.KIND.withdrawal,
status=Transaction.STATUS.incomplete,
)
mock_form_for_transaction.return_value = None
mock_content_for_template.return_value = {"test": "value"}
payload = interactive_jwt_payload(withdraw, "withdraw")
token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode(
"ascii"
)
response = client.get(
f"{WEBAPP_PATH}"
f"?token={token}"
f"&transaction_id={withdraw.id}"
f"&asset_code={usd.code}"
)
assert response.status_code == 200
assert client.session["authenticated"] is True
response = client.post(
f"{WEBAPP_PATH}/submit"
f"?transaction_id={withdraw.id}"
f"&asset_code={withdraw.asset.code}"
)
assert response.status_code == 500
assert "The anchor did not provide content, unable to serve page." in str(
response.content
)
def test_interactive_deposit_post_no_content_tx_complete(
mock_content_for_template, mock_form_for_transaction, client
):
usd = Asset.objects.create(
code="USD",
issuer=Keypair.random().public_key,
sep24_enabled=True,
deposit_enabled=True,
)
deposit = Transaction.objects.create(
asset=usd, kind=Transaction.KIND.deposit, status=Transaction.STATUS.completed
)
mock_form_for_transaction.return_value = None
mock_content_for_template.return_value = {"test": "value"}
payload = interactive_jwt_payload(deposit, "deposit")
token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode(
"ascii"
)
response = client.get(
f"{WEBAPP_PATH}"
f"?token={token}"
f"&transaction_id={deposit.id}"
f"&asset_code={usd.code}"
)
assert response.status_code == 200
assert client.session["authenticated"] is True
response = client.post(
f"{WEBAPP_PATH}/submit"
f"?transaction_id={deposit.id}"
f"&asset_code={deposit.asset.code}"
)
assert response.status_code == 422
assert (
"The anchor did not provide content, is the interactive flow already complete?"
in str(response.content)
)
def test_interactive_deposit_success(client, acc1_usd_deposit_transaction_factory):
deposit = acc1_usd_deposit_transaction_factory()
deposit.amount_in = None
deposit.save()
payload = interactive_jwt_payload(deposit, "deposit")
token = jwt.encode(payload, settings.SERVER_JWT_KEY, algorithm="HS256").decode(
"ascii"
)
response = client.get(
f"{WEBAPP_PATH}"
f"?token={token}"
f"&transaction_id={deposit.id}"
f"&asset_code={deposit.asset.code}"
)
assert response.status_code == 200
assert client.session["authenticated"] is True
response = client.get(
f"{WEBAPP_PATH}"
f"?token={token}"
f"&transaction_id={deposit.id}"
f"&asset_code={deposit.asset.code}"
)
assert response.status_code == 403
assert "Unexpected one-time auth token" in str(response.content)
response = client.post(
f"{WEBAPP_PATH}/submit"
f"?transaction_id={deposit.id}"
f"&asset_code={deposit.asset.code}",
{"amount": 200.0},
)
assert response.status_code == 302
assert client.session["authenticated"] is False
